Skills
skills/fandhe-ai/agent-cli-skills/sync-skills-lock/Gen Agent Trust Hub

sync-skills-lock

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill sets the environment variable GIT_SSL_NO_VERIFY=1 during repository cloning operations. This disables standard SSL/TLS certificate validation, which can expose the agent to man-in-the-middle (MITM) attacks where an attacker could intercept or modify data during transmission.
  • [COMMAND_EXECUTION]: The skill incorporates user-provided input via the $ARGUMENTS variable directly into shell logic (TARGET="$ARGUMENTS"). If the execution environment does not properly sanitize these arguments, it could potentially be exploited for command injection.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the gh CLI to clone remote repositories from the Fandhe-AI organization on GitHub. It implements a safety check to ensure only repositories with the Fandhe-AI/ prefix are processed, which mitigates the risk of cloning from unauthorized sources.
  • [COMMAND_EXECUTION]: The skill performs file system modifications using jq and mv to update local configuration files (skills-lock.json) and uses git to commit these changes to the local repository.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 07:51 AM
Security Audit — agent-trust-hub — sync-skills-lock